cedar_policy 0.2.0-x64-mingw32 → 0.3.0-x64-mingw32
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/README.md +55 -4
- data/lib/cedar_policy/3.0/cedar_policy.so +0 -0
- data/lib/cedar_policy/entities.rb +13 -1
- data/lib/cedar_policy/entity.rb +8 -4
- data/lib/cedar_policy/entity_uid.rb +4 -1
- data/lib/cedar_policy/version.rb +1 -1
- metadata +2 -2
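--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 4943f5686e7bfe710ef7f2eb2cfeedc8b19fa20d79edf7b98d7c15ed717b2bcc
+  data.tar.gz: 169405ac1f5bffdc6ddb4330f147f3ed65785f5607007ea0a15409ac64668eb9
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 93f3ec8578c318ccb2f08b0a91f3d7a6fa9337dd13349ae84377031e7047a7a731a4dc3c5897fb9c57f9e94cbfdeff9afc80866f603602e89399b48f69b8b3b9
+  data.tar.gz: 2e5f6563a420f3e07d3f311c4bbe68d74cafb90a3cba075573937fb703a46822b7c7359b57a0291c59a99339106823955c0e3d4ac1fde243f0d7af3cccff4784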
data/.rubocop.yml
CHANGED
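--- a/data/README.md
+++ b/data/README.md
@@ -18,6 +18,10 @@ If bundler is not being used to manage dependencies, install the gem by executin
 > [!WARNING]
 > This gem is still under development and the API may change in the future.
 
+### PolicySet
+
+Define a policy by Cedar Language:
+
 ```ruby
 policy = <<~POLICY
 permit(
@@ -27,28 +31,75 @@ policy = <<~POLICY
 );
 POLICY
 policy_set = CedarPolicy::PolicySet.new(policy)
+```
+
+> Currently, the single policy is not supported.
 
-
+### Request
+
+Prepare the Entity's ID via `EntityUid` or an object with `#to_hash` method which returns a hash with `:type` and `:id` keys.
+
+```ruby
+principal = CedarPolicy::EntityUid.new("User", "1") # or { type: "User", id: "1" }
 action = CedarPolicy::EntityUid.new("Action", "view")
 resource = CedarPolicy::EntityUid.new("Image", "1")
-
+```
 
+The `Context` object is used to store the request context. Use `Context` or an object with `#to_hash` method which returns a hash.
+
+```ruby
+ctx = CedarPolicy::Context.new({ ip: "127.0.0.1" }) # or { ip: "127.0.0.1" }
+```
+> The `Context` object can initialize without any arguments as an empty context.
+
+Create a `Request` object with the principal, action, resource, and context.
+
+```ruby
 request = CedarPolicy::Request.new(principal, action, resource, ctx)
+```
 
+### Entities
+
+Define the entities with related this request. It should be an array of `Entity` objects which have `#to_hash` method returns a hash with `:uid`,`:attrs`, and `:parents` keys.
+
+```ruby
 entities = CedarPolicy::Entities.new([
   CedarPolicy::Entity.new(
     CedarPolicy::EntityUid.new("User", "1"),
-    { role: "admin" }
-
+    { role: "admin" },
+    [] # Parents' EntityUid
+  ),
+  {
+    uid: { type: "Image", id: "1" },
+    attrs: {},
+    parents: []
+  }
 ])
+```
 
+### Authorizer
+
+Create an `Authorizer` object and authorize the request with the policy set and entities.
+
+```ruby
 authorizer = CedarPolicy::Authorizer.new
+```
+
+If boolean result is enough, use `#authorize?` method.
+
+```ruby
 authorizer.authorize?(request, policy_set, entities) # => true
+```
 
+If you want to get the decision object, use `#authorize` method.
+
+```ruby
 response = authorizer.authorize(request, policy_set, entities)
 response.decision # => CedarPolicy::Decision::ALLOW
 ```
 
+> The diagnostics is not supported yet in the response.
+
 ## Roadmap
 
 * [ ] Add DSL to improve developer experience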
Binary file
|
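--- a/data/lib/cedar_policy/entities.rb
+++ b/data/lib/cedar_policy/entities.rb
@@ -3,8 +3,20 @@
 module CedarPolicy
   # :nodoc:
   class Entities
+    include Enumerable
+
     def initialize(entities = [])
-      @entities = Set.new(entities
+      @entities = Set.new(entities.map do |entity|
+        next entity if entity.is_a?(Entity)
+
+        Entity.new(*entity.values_at(:uid, :attrs, :parents))
+      end)
+    end
+
+    def each(&block)
+      return enum_for(:each) unless block_given?
+
+      @entities.each(&block)
     end
 
     def to_ary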
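Review bot: The hash branch of the added `initialize` body calls `entity.values_at(:uid, :attrs, :parents)` directly, so a hash that omits `:attrs` or `:parents` passes `nil` into `Entity.new` and overrides that constructor's `{}` and `[]` defaults instead of falling back to them, and an object that merely responds to `#to_hash` (which the README changed in this same commit says is accepted) raises NoMethodError. Reading the input through `to_hash` and `fetch` keeps the defaults and makes a missing `:uid` fail loudly rather than silently: `h = entity.to_hash` followed by `Entity.new(h.fetch(:uid), h.fetch(:attrs, {}), h.fetch(:parents, []))`. The `Entities` class continues past the hunk (`to_ary` and whatever follows), so the rest of its Enumerable surface cannot be checked here.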
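--- a/data/lib/cedar_policy/entity.rb
+++ b/data/lib/cedar_policy/entity.rb
@@ -6,15 +6,19 @@ module CedarPolicy
     attr_reader :uid, :attrs, :parents
 
     def initialize(uid, attrs = {}, parents = [])
-      raise ArgumentError unless uid.is_a?(EntityUid)
+      raise ArgumentError unless uid.is_a?(EntityUid) || uid.is_a?(Hash)
 
-      @uid = uid
+      @uid = if uid.is_a?(EntityUid)
+               uid
+             else
+               EntityUid.new(*uid.values_at(:type, :id))
+             end
       @attrs = attrs
       @parents = Set.new(parents)
     end
 
-    def
-
+    def eql?(other)
+      hash == other.hash
     end
 
     def hash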
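Review bot: The new Hash branch of `initialize` builds the uid with `EntityUid.new(*uid.values_at(:type, :id))`, so a hash missing either key yields `nil`, which `EntityUid#initialize` (per the entity_uid.rb hunk) turns into `""` via `to_s` — a malformed entity silently becomes an `EntityUid` with an empty type or id instead of raising, and since entities feed authorization decisions that coercion should fail fast. `EntityUid.new(uid.fetch(:type), uid.fetch(:id))` raises KeyError on a missing key and documents the expected shape; the `is_a?(Hash)` guard could also accept `respond_to?(:to_hash)` objects, as the README in this commit promises. The commit adds `alias == eql?` in entity_uid.rb but not here, so unless `==` is defined elsewhere in this file `Entity#==` keeps identity semantics while `eql?` is hash-based, which looks unintended. The `hash` method begins on the hunk's last line and its body lies outside it.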
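--- a/data/lib/cedar_policy/entity_uid.rb
+++ b/data/lib/cedar_policy/entity_uid.rb
@@ -8,11 +8,14 @@ module CedarPolicy
     def initialize(type_name, id)
       @type_name = type_name.to_s
       @id = id.to_s
+
+      freeze
     end
 
-    def
+    def eql?(other)
       hash == other.hash
     end
+    alias == eql?
 
     def hash
       [self.class, @type_name, @id].hash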
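Review bot: The added `freeze` freezes the `EntityUid` instance but not the strings it holds: `type_name.to_s` returns the caller's own String when a String is passed, so the caller can still mutate it after construction and change the result of `hash`, which undermines this object's use as a `Set` member (see `@parents = Set.new(parents)` in entity.rb) and as a hash key. `@type_name = type_name.to_s.dup.freeze` and `@id = id.to_s.dup.freeze` make the value genuinely immutable without freezing the caller's string. Separately, `eql?` and the new `alias == eql?` decide equality purely by `hash == other.hash`, so any object whose `hash` happens to collide compares equal to this uid; checking `other.is_a?(EntityUid)` and comparing the two fields is the safer definition, with `hash` kept consistent with it. The `hash` method's closing `end` lies outside the hunk.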
data/lib/cedar_policy/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cedar_policy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: x64-mingw32
|
6
6
|
authors:
|
7
7
|
- Aotokitsuruya
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-09-07 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Ruby bindings for Cedar policy evaluation engine.
|
14
14
|
email:
|